The Internet of Things (IoT) era has finally arrived, and businesses need to be prepared for a world where everything is connected.
I’m an analyst, so I’ll support my proclamation that IoT is here with data: there are currently 25 billion internet-connected devices, a number that will double by 2020 and then grow to 80 billion by 2025.
However, there’s a more basic way of understanding where we are in the adoption cycle: IoT has become the norm, not the exception, according to companies I talk to. IT and business leaders no longer look at me like I have three eyes when I say, “IoT.” In fact, in many conversations with them, the term IoT never comes up — yet they are connecting things. Companies are connecting more things because it makes their businesses run better, and over the next decade, this trend will accelerate.
For the network manager, though, IoT does present some new challenges — most notably around managing and securing a network that has an order of magnitude more devices. Network managers have their work cut out for them as the flood of new devices — both inside and outside the company walls — makes things significantly more complicated. Network professionals already struggle to manage the current set of connected endpoints, and IoT makes the job exponentially more difficult.
Using DDI to manage and secure IoT devices
One tool that can help network operations meet the challenges of an environment where more and more things are being connected is DDI, which is a nice tight acronym for DNS, DHCP and IP Address Management. DDI is actually a set of tools:
- Domain Name System (DNS) is a naming system for connected devices. It translates domain names into numerical IP addresses, making it one of the most important components of the internet.
- Dynamic Host Configuration Protocol (DHCP) automates the process of assigning IP addresses to networked endpoints. This removes the burden from network managers to manually assign addresses to each device.
- IP address management (IPAM) is used to plan, track and manage IP addresses within an organization.
DDI is critical to IoT success because it can greatly improve management and security in the following ways:
Management of IP addresses
Many businesses track and manage IP addresses with spreadsheets or homegrown tools. Once the network grows beyond a few hundred connected endpoints, managing them manually becomes complex and overwhelming. As the number of connected devices increases, many businesses will run out of IPv4 addresses and will need to migrate to IPv6, which adds another layer of complexity because of the IPv6 addressing scheme. Also, most IoT devices are deployed by the operational technology (OT) group, so network operations may not even be aware of all of them. IPAM provides visibility into every connected endpoint, including device identification and other attributes.
IPAM solutions can also send alerts when new endpoints join the network, which reduces risk and helps ensure compliance. IPAM provides granular information on the status of each device, including who is responsible for patching the system and the apps running on it, and who needs to be notified when a patch will interrupt service. IPAM should be thought of as a foundational component of IoT, so that the people who run the network have organization-wide visibility into all connected endpoints.
Automated discovery of IoT devices
To be added to a network, every new device must make a DHCP request, which lets the DDI solution “fingerprint” it. The fingerprint can be used to identify the device and enable tracking of its activities. As part of the DHCP process, the DDI solution maps the IP address to the MAC address and operating system. Network managers can set up a device usage enforcement policy that prevents violating devices from joining the network. For example, if someone hijacks an IoT device and tries to use that address for prohibited activity, the DDI solution can kick it off the network.
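The two behaviours described above (alerting when a new endpoint appears, and fingerprinting a device from its DHCP request so a placement policy can be enforced) can be sketched in a few dozen lines. The following is an added example written for this article, not code from any DDI vendor: the log lines are in the style of an ISC dhcpd syslog feed with the DHCP option 55 parameter request list appended, and the OUI prefixes, option-55 signatures, subnets and policy are all constructed for illustration.

```python
"""Added example (not from the article): a minimal DHCP-driven inventory that
fingerprints each requesting device, alerts on newly seen endpoints and applies
a simple placement policy. All log lines, OUI prefixes and option-55
signatures below are constructed for illustration."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed lines in the style of an ISC dhcpd syslog feed, with the DHCP
# option 55 (parameter request list) appended as a collector might log it.
DHCP_LOG = """\
DHCPREQUEST for 10.0.20.15 from 00:1a:2b:11:22:33 via vlan20 opt55=1,3,6,12,15,28,42
DHCPREQUEST for 10.0.10.44 from 00:1a:2b:44:55:66 via vlan10 opt55=1,3,6,12,15,28,42
DHCPREQUEST for 10.0.10.7 from 3c:5a:b4:77:88:99 via vlan10 opt55=1,3,6,15,31,33,43,44,46,47,119,121,249,252
DHCPREQUEST for 10.0.20.15 from 00:1a:2b:11:22:33 via vlan20 opt55=1,3,6,12,15,28,42
DHCPREQUEST for 10.0.10.90 from de:ad:be:ef:00:01 via vlan10 opt55=1,3,6
"""

# Constructed OUI (first three octets) to vendor map; a real deployment
# would load the IEEE registry instead.
OUI_VENDORS = {"00:1a:2b": "ExampleCam Inc", "3c:5a:b4": "ExampleCorp PCs"}

# Constructed option-55 signatures keyed by the exact parameter request list.
# Real fingerprint databases hold thousands of these.
OPT55_SIGNATURES = {
    (1, 3, 6, 12, 15, 28, 42): "ip-camera",
    (1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 119, 121, 249, 252): "windows-workstation",
}

# Placement policy: which subnets each device class may appear on.
PLACEMENT_POLICY = {
    "ip-camera": [ipaddress.ip_network("10.0.20.0/24")],
    "windows-workstation": [ipaddress.ip_network("10.0.10.0/24")],
}

LINE_RE = re.compile(
    r"DHCPREQUEST for (?P<ip>\S+) from (?P<mac>[0-9a-f:]{17}) "
    r"via (?P<iface>\S+) opt55=(?P<opt55>[\d,]+)"
)


@dataclass
class Endpoint:
    mac: str
    ip: str
    vendor: str
    device_class: str


def fingerprint(mac, opt55):
    """Derive (vendor, device class) from the OUI and the option-55 list."""
    vendor = OUI_VENDORS.get(mac[:8].lower(), "unknown-vendor")
    device_class = OPT55_SIGNATURES.get(tuple(opt55), "unknown-class")
    return vendor, device_class


def placement_ok(device_class, ip):
    """True when the device class is permitted on the subnet that holds ip."""
    allowed = PLACEMENT_POLICY.get(device_class)
    if allowed is None:
        return False  # unclassified devices are denied until someone classifies them
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowed)


def process_dhcp_log(text, inventory=None):
    """Return (inventory, alerts); inventory maps MAC -> Endpoint.

    A NEW alert fires the first time a MAC is seen, a DENY alert whenever the
    fingerprinted class is not permitted where the device asked for an address.
    """
    inventory = {} if inventory is None else inventory
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        mac = m["mac"].lower()
        opt55 = [int(x) for x in m["opt55"].split(",")]
        vendor, device_class = fingerprint(mac, opt55)
        if mac not in inventory:
            inventory[mac] = Endpoint(mac, m["ip"], vendor, device_class)
            alerts.append(f"NEW {mac} {vendor} {device_class} at {m['ip']}")
        if not placement_ok(device_class, m["ip"]):
            alerts.append(f"DENY {mac} {device_class} not permitted at {m['ip']}")
    return inventory, alerts


if __name__ == "__main__":
    _, found = process_dhcp_log(DHCP_LOG)
    print("\n".join(found))
```

Running it on the constructed feed raises a NEW alert for each of the four distinct MACs, a DENY for the camera that requested an address on the workstation VLAN, and a DENY for the device whose parameter request list matches no signature; the repeated request from the first camera produces nothing, which is the behaviour you want from an inventory that is meant to stay quiet about devices it already knows.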
Improved security
DDI solutions help improve security in multiple ways. By monitoring DNS requests from every connected device, a DDI solution can spot malicious activity and data exfiltration attempts via DNS, which helps a company comply with data protection regulations. The solution can also monitor and halt the communication between botnet zombies and their servers, stopping the flow of valuable information. Advanced, curated threat intelligence aggregated from several sources keeps the protection up to date while avoiding conflicts and minimizing false positives.
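To make the DNS-side monitoring concrete, here is an added example (written for this article, not a vendor's code) that scores a short DNS query log for the two things the paragraph names: a curated threat-intelligence match for botnet call-backs, and a tunnelling/exfiltration pattern where one client sends many unique, long, high-entropy labels under one domain. The query lines, the domains and the threat-intelligence set are all constructed, and the hex labels are deliberately built so that every hex digit appears exactly twice, which makes their entropy easy to reason about.

```python
"""Added example (not from the article): scoring DNS query logs for botnet
call-backs (threat-intelligence match) and DNS tunnelling / exfiltration
(many unique high-entropy labels under one domain). Every log line, domain
and intel entry is constructed for illustration."""
import math
from collections import defaultdict

# Constructed query log, one "<client-ip> <qname>" per line, one time window.
# The labels under exfil-demo.test each contain every hex digit exactly twice,
# so their Shannon entropy is exactly 4.0 bits per character.
DNS_LOG = """\
10.0.20.15 time.example-ntp.test
10.0.20.15 firmware.examplecam.test
10.0.10.7 www.example-news.test
10.0.10.7 cdn.example-news.test
10.0.20.16 0123456789abcdeffedcba9876543210.x.exfil-demo.test
10.0.20.16 13579bdf02468ace02468ace13579bdf.x.exfil-demo.test
10.0.20.16 fedcba98765432100123456789abcdef.x.exfil-demo.test
10.0.20.16 02468ace13579bdffdb97531eca86420.x.exfil-demo.test
10.0.20.17 c2-beacon.bad-example.test
"""

# Constructed curated threat-intelligence feed of known botnet / C2 domains.
THREAT_INTEL = {"bad-example.test"}


def registered_domain(qname):
    """Naive 'last two labels' registered domain; production code should use
    the public suffix list so that co.uk-style suffixes are handled."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def shannon_entropy(s):
    """Bits of entropy per character of s."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def analyse_dns_log(text, min_unique=4, min_label_len=24, min_entropy=3.0):
    """Return a list of (client, domain, reason) findings.

    Threat-intel matches are reported per query; tunnelling is reported once
    per (client, domain) pair when at least min_unique distinct first labels
    were seen and all of them are long and high-entropy.
    """
    labels_by_pair = defaultdict(list)  # (client, domain) -> first labels seen
    findings = []
    for line in text.splitlines():
        client, qname = line.split()
        domain = registered_domain(qname)
        if domain in THREAT_INTEL:
            findings.append((client, domain, "threat-intel match"))
            continue
        labels_by_pair[(client, domain)].append(qname.split(".")[0])

    for (client, domain), labels in labels_by_pair.items():
        unique = set(labels)
        suspicious = [
            lab for lab in unique
            if len(lab) >= min_label_len and shannon_entropy(lab) >= min_entropy
        ]
        if len(unique) >= min_unique and len(suspicious) == len(unique):
            findings.append((client, domain,
                             f"possible DNS tunnelling: {len(unique)} unique high-entropy labels"))
    return findings


if __name__ == "__main__":
    for client, domain, reason in analyse_dns_log(DNS_LOG):
        print(f"{client:12} {domain:20} {reason}")
```

The thresholds are starting points, not tuned values: the ordinary clients in the sample (a camera fetching time and firmware, a workstation browsing a news site) stay under the unique-label count, while the host talking to exfil-demo.test trips all three conditions at once. In a real DDI deployment the same logic would run continuously on the resolver's query stream and feed a response-policy action rather than a printed list.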
DDI can also help with asset tagging and provide contextual information to third-party security vendors, but I thought the three I listed above were the most impactful to the network professional.
Over the next few years, I expect to see IoT deployments accelerate and the burden to ensure these devices connect, perform well and are secured will fall on the networking group. Ensure the proper tools, such as DDI, are in place now, so when the wave of connected endpoints comes, the network will be ready.